On the new encryption algorithm in JAVA11

Keeping an eye on the JDK process or Oracle's children's shoes all know that JDK 11 has entered the Rampdown Phase one phase at the end of June, when all new features of JDK 11 have been frozen and no longer added to the new JEP. Since some recent posts about the Des,3des and AES algorithms have been written, it is very interesting to note that one of the 17 new Jep included in JDK11---ChaCha20 and Poly1305 encryption algorithms----.

Chacha20-poly1305 is a new streaming encryption algorithm specifically designed for mobile CPU optimization, with a 3 times-fold improvement in performance compared to a common algorithm, especially on ARM platforms where the CPU is a thin instruction set (arm V8 before the effect is more pronounced). Where CHACHA20 refers to symmetric encryption algorithm, Poly1305 refers to the identity authentication algorithm. By using this algorithm, the amount of data generated by encryption and decryption can be reduced to improve the user experience, reduce waiting time and save battery life. Due to its streamlined algorithm, strong security and strong compatibility, Google is now committed to fully promote it on the mobile side.

From Google's published data, chacha20-poly1305 can improve the encryption and decryption performance of more than 30%, can effectively save mobile power consumption. In contrast to the current popular cryptographic suite AES-GCM, this algorithm can cause performance problems on hardware devices that do not support AES NI directives, such as most smartphones, tablets, and wearables. On the whole, on some mobile devices, chacha20-poly1305 encryption is more than 3 times times faster than AES. That is, when using chacha20-poly1305, older computers or mobile devices will spend less computing time on encryption and decryption, while reducing the decryption time means faster page loading and fewer device battery consumption.

For mobile devices, it is easy to draw the conclusion and solution: on a PC with hardware AES support, using the AES-GCM algorithm is undoubtedly a good choice; the cloud CDN platform intelligently chooses whether to provide AES-GCM or ChaCha based on the cryptographic suite supported by the client. 20-poly1305. For the latest Intel processors, we will use the standard AES-GCM algorithm, and for devices without hardware AES support, we will prefer chacha20-poly1305.

In terms of security, the chacha20-poly1305 cipher suite uses two algorithms, where CHACHA20 is the symmetric encryption algorithm, and Poly1305 is the identity authentication algorithm. As you can tell from the RFC, CHACHA20 provides 256-bit encryption strength, which is more than sufficient for the 128-bit encryption strength of the AES-GCM algorithm. In other words, using CHACHA20 as a symmetric encryption algorithm to secure HTTPS security is sufficient.

POLY1305 provides authentication as an authentication algorithm that prevents XXX from inserting false information into a secure data stream during the TLS handshake, Poly1305 provides about 100 bits of security enough to block this type of XXX. During the TLS handshake, authentication is less important than encryption, because even if XXX can add false messages to the data stream, the internal data information is not read if the key information is not cracked.

In summary, chacha20-poly1305, as a cryptographic combination, provides confidentiality, integrity, and authenticity to the data, bypassing all existing security vulnerabilities and XXX, a set of excellent cryptographic suite combinations.

Look forward to the official announcement of JDK11, the time to update you a wave of Java implementation.

Without permission, the reprint is declined. If you have any suggestions or questions, welcome to the group discussion, another group of learning materials Gift OH Group number: 661594029 For more information please pay attention to the public number

On the new encryption algorithm in JAVA11